spread/google: add support for service accounts

Add support for attaching service accounts to the instances created in GCP.

Signed-off-by: Maciej Borzecki <[email protected]>

spread/google.go

@@ -459,6 +459,17 @@ func (p *googleProvider) createMachine(ctx context.Context, system *System) (*go
 		},
 	}
 
+	if serviceAccount := p.backend.GoogleServiceAccount; serviceAccount != "" {
+		// XXX the service account could be set from google key
+		// credentials, but the account used in the context of the
+		// request may not have the permissions to attach a service
+		// account to the instance
+		params["serviceAccounts"] = []googleParams{{
+			"email":  serviceAccount,
+			"scopes": []string{"https://www.googleapis.com/auth/cloud-platform"},
+		}}
+	}
+
 	if system.SecureBoot {
 		params["shieldedInstanceConfig"] = googleParams{
 			"enableSecureBoot":          true,

spread/project.go

@@ -82,6 +82,9 @@ type Backend struct {
 
 	Priority OptionalInt
 	Manual   bool
+
+	// Only relevant for the Google backend
+	GoogleServiceAccount string `yaml:"google-service-account"`
 }
 
 func (b *Backend) String() string { return fmt.Sprintf("backend %q", b.Name) }
@@ -1024,6 +1027,12 @@ func (p *Project) Jobs(options *Options) ([]*Job, error) {
 		}
 		backend.Key = strings.TrimSpace(value)
 
+		value, err = evalone(bname+" backend GCP service account", backend.GoogleServiceAccount, cmdcache, true, penv, benv)
+		if err != nil {
+			return nil, err
+		}
+		backend.GoogleServiceAccount = strings.TrimSpace(value)
+
 		for _, system := range backend.Systems {
 			if system.Username != "" {
 				value, err := evalone(system.String()+" username", system.Username, cmdcache, false, penv, benv)